Nmap Development mailing list archives

Re: NSE PJL proof of concept


From: David Fifield <david () bamsoftware com>
Date: Mon, 13 Jul 2009 13:17:09 -0600

On Mon, Jul 13, 2009 at 09:54:13AM -0700, Aaron Leininger wrote:
> Do you get any sort of response from the printer confirming that the
> string was set?  Maybe it is worth issuing a PJL call to request the
> current status string to ensure it worked?  It might be even more
> useful to do a status call first so that the output can print what the
> status code WAS before it was changed.  Among other benefits, that
> makes it easier to change it back when you're done horsing around.
> 
> I did find a PJL command that may come in handy in implementing your
> suggestions however. After setting the ready message to "Test" using
> my script, I then used ncat included w/ nmap4.85beta10 to show the
> following:
> 
> $ncat printerip 9100
> @PJL INFO STATUS
> @PJL INFO STATUS
> CODE=10001
> DISPLAY="Test   "
> ONLINE=TRUE
> ===========
> The first PJL line is the command I sent, everything after that is the
> response received. This particular target is a laserJet 5si. If I run
> the script against my laserjet 4100, there is no space in the DISPLAY
> variable and it always comes back in CAPS for the laserjet 4100 series
> regardless of how you send it in. One other thing is that a FF (form
> feed) character is always tacked onto the end of the response. It
> seems to me that it would be good to strip this off as in my tests,
> that FF character always rolls my display down as if I'd issued a
> clear command.

That's perfect. I propose a new default behavior for the script: to
retrieve and print the current display. With a script arg, it could
change the message, then retrieve it again to be sure it was successful
(or possibly truncated, etc.).

The form feed character is good, because it means it will be easy to
read replies using the socket:receive_buf function.

http://nmap.org/nsedoc/modules/nmap.html#receive_buf

You want to call socket:receive_buf("\x0c", false).

> So I guess there is a way to probe the status of the display to check
> that it worked. I'll have to get back to the drawing board and try to
> add some of this stuff in.
> 
> Other PJL commands that could be useful: (I have not tested all of
> these out of NSE yet)
> @PJL INFO PAGECOUNT
> returns the pagecount of the printer
> 
> @PJL INFO ID
> returns the model of the printer

I think those will make nice additions to the script. But once you
implement the retrieval of the current ready message and make the
changes in http://seclists.org/nmap-dev/2009/q3/0100.html, let's get the
script into revision control. Further changes can be made from there.

> These work well in ncat but the 5si won't respond to many of the
> commands from an NSE script where the 4100 I am testing against does
> seem to respond. I've tried setting the timeout as high as 8 seconds
> (8000ms) and I get nothing back from NSE. As I am still a relative
> novice w/ NSE, if anyone has an idea as to why this sort of behavior
> would happen, feel free to enlighten me. Also, could someone point me
> at some good examples of how to do string parsing in NSE/lua? I'd like
> to figure out how to parse the status output to grab the DISPLAY=
> line.

Are you remembering to end each command with "\r\n"? That's all I can
think of. If it works in Ncat there's no reason it shouldn't work in
NSE.

As for parsing, try something like this:

local msg
for line in response:gmatch(".-\n") do
        -- Assign to the outer msg rather than declaring a new local,
        -- otherwise the value is lost as soon as the loop exits.
        msg = line:match("^DISPLAY=\"(.*)\"")
        if msg then
                break
        end
end
-- Here msg will be the DISPLAY message or nil if not found.

David Fifield
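An added example (not code from this thread or from Nmap) in plain Lua that takes the parsing question further: it parses a whole INFO STATUS reply like the 5si capture above, strips the trailing form feed, and checks the DISPLAY value against the message that was sent, allowing for the padding and upper-casing differences Aaron saw between the 5si and the 4100. The sample reply is constructed; in an NSE script the same bytes would come from socket:receive_buf("\x0c", false).

```lua
-- Constructed sample reply, modelled on the 5si capture in the thread:
-- the echoed command, the CODE/DISPLAY/ONLINE lines, then the form feed
-- (0x0C) that every reply ends with.
local SAMPLE = "@PJL INFO STATUS\r\nCODE=10001\r\nDISPLAY=\"Test   \"\r\nONLINE=TRUE\r\n\x0c"

-- Parse an INFO STATUS reply into a table of KEY -> value. The echoed
-- "@PJL ..." line and the form feed are discarded; quoted values
-- (DISPLAY) keep their inner padding, bare values (CODE, ONLINE) do not.
local function parse_status(response)
  local fields = {}
  response = response:gsub("\x0c$", "")        -- drop the trailing form feed
  for line in response:gmatch("[^\r\n]+") do   -- tolerate \r\n or bare \n
    local key, value = line:match('^(%u+)="(.*)"$')
    if not key then
      key, value = line:match("^(%u+)=(%S+)$")
    end
    if key then
      fields[key] = value
    end
  end
  return fields
end

-- Trim surrounding whitespace and upper-case, so a 5si reply ("Test   ")
-- and a 4100 reply ("TEST") both compare equal to the message "Test".
local function normalize(s)
  s = s:gsub("^%s+", "")
  s = s:gsub("%s+$", "")
  return s:upper()
end

-- Did the display take the message we asked for? Returns true/false plus
-- a note separating an exact match, a re-cased/padded match, and a
-- message the printer truncated.
local function display_matches(fields, wanted)
  local shown = fields.DISPLAY
  if not shown then return false, "no DISPLAY field in reply" end
  if shown == wanted then return true, "exact match" end
  local ns, nw = normalize(shown), normalize(wanted)
  if ns == nw then return true, "matches after trimming/case-folding" end
  if #ns > 0 and nw:sub(1, #ns) == ns then
    return false, "truncated to " .. #ns .. " characters: " .. shown
  end
  return false, "printer shows: " .. shown
end

local fields = parse_status(SAMPLE)
print(fields.CODE, fields.DISPLAY, fields.ONLINE)
print(display_matches(fields, "Test"))     -- padded by the 5si, still a match
print(display_matches(fields, "Testing"))  -- reported as truncated
```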

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org